systemd-journald, was: Unintended consequences of no default MTA - How best to fix
Chris Murphy
lists at colorremedies.com
Thu Jan 2 03:33:29 UTC 2014
On Jan 1, 2014, at 2:47 PM, Lars E. Pettersson <lars at homer.se> wrote:
> On 01/01/2014 10:19 PM, Rahul Sundaram wrote:
>> If you want to find out what journalctl can support, look at the man
>> page. If you have suggestions for improvements, post it in Bugzilla like
>> I did yesterday.
>
> OK, I thought you meant that you knew an option that did it "pixel perfect". Perhaps I misunderstood you.
>
> Bugzilla 1047700
rsyslog pulls data directly from journal files, so the source data is identical. What's different is how journalctl displays it compared to the message file rsyslog produces from the same journal file. I think this might be more a feature request of rsyslog than systemd, but if you're going to ask two projects to somehow negotiate and coordinate on producing an identical formatting of the journal file, I think it won't go anywhere. If you prefer the formatting of rsyslog then use that. If you prefer the formatting of journalctl use that, it's already available anyway and even has advantages to help you parse it to get what you're looking for.
I think this is the response you're likely to get if you get one at all:
https://lists.fedoraproject.org/pipermail/devel/2013-July/185783.html
> What improvements? Is it possible to get it "a pixel perfect match" using options?
There are a lot.
The journal is non-optional in systemd, it's available from very early boot unlike syslog so you'll find debugging boot problems actually possible rather than through inference. With some boot options it can produce rather prolific output to console, and if this is a VM you can get all of this information from the 1st nanosecond of boot via virsh console.
journalctl -b to get only the current boot messages, which you can't do with /var/log/messages which dumps every boot into the same file until it get rotated.
Timestamps are UTC and converted by default with the client to local time, and there's other handling possible to make conversions easy, including outputting monotonically. You can also reformat as JSON on the fly, it does not affect the journal file itself.
journalctl can be used to manipulate the logs on any computer. You don't need systemd to use journalctl. And you can merge multiple journals, including remote ones, to show their entries interleaved.
You can use -p to filter by priority, 0 is emergency messages only, 7 is debug level.
It detects corruption of the journal files, and if detected warns, still reads it but won't write to it anymore. Instead it creates a new journal file to write to. Multiple journal files are read from as needed, you don't need to state which file to read from.
Good examples from the megathread on devel@ some months ago.
https://lists.fedoraproject.org/pipermail/devel/2013-July/185413.html
https://lists.fedoraproject.org/pipermail/devel/2013-July/185502.html
https://lists.fedoraproject.org/pipermail/devel/2013-July/185782.html
Chris Murphy
More information about the users
mailing list